
CVE-2021-22174 – Gentoo Linux Security Advisory 202107-21
https://notcve.org/view.php?id=CVE-2021-22174
01 Feb 2021 — Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file. Multiple vulnerabilities have been found in Wireshark, the worst of which could result in the arbitrary execution of code. Versions less than 3.4.6 are affected. • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22174.json • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2021-1999
https://notcve.org/view.php?id=CVE-2021-1999
20 Jan 2021 — Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: RAS subsystems). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle ZFS Storage Appliance Kit, attacks m... • https://www.oracle.com/security-alerts/cpujan2021.html •

CVE-2021-1993
https://notcve.org/view.php?id=CVE-2021-1993
20 Jan 2021 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or al... • https://www.oracle.com/security-alerts/cpujan2021.html •

CVE-2021-3177 – python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c
https://notcve.org/view.php?id=CVE-2021-3177
19 Jan 2021 — Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. • https://bugs.python.org/issue42938 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2020-26422 – Gentoo Linux Security Advisory 202101-12
https://notcve.org/view.php?id=CVE-2020-26422
21 Dec 2020 — Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file. Multiple vulnerabilities have been found in Wireshark, the worst of which could result in a Denial of Service condition. Versions less than 3.4.2 are affected. • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2020-26418 – Gentoo Linux Security Advisory 202101-12
https://notcve.org/view.php?id=CVE-2020-26418
10 Dec 2020 — Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Multiple vulnerabilities have been found in Wireshark, the worst of which could result in a Denial of Service condition. Versions less than 3... • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2020-26419 – Gentoo Linux Security Advisory 202101-12
https://notcve.org/view.php?id=CVE-2020-26419
10 Dec 2020 — Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. Multiple vulnerabilities have been found in Wireshark, the worst of which could result in a Denial of Service condition. Versions less than 3.4.2 are affected. • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26419.json • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2020-26420 – Gentoo Linux Security Advisory 202101-12
https://notcve.org/view.php?id=CVE-2020-26420
10 Dec 2020 — Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Multiple vulnerabilities have been found in Wireshark, the worst of which could result in a Denial of Service condition. Versions less than 3.... • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2020-26421 – Gentoo Linux Security Advisory 202101-12
https://notcve.org/view.php?id=CVE-2020-26421
10 Dec 2020 — Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Multiple vulnerabilities have been found in Wireshark, the worst of which could result in a De... • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json • CWE-125: Out-of-bounds Read •

CVE-2020-29651 – Ubuntu Security Notice USN-5138-1
https://notcve.org/view.php?id=CVE-2020-29651
09 Dec 2020 — A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. • https://github.com/pytest-dev/py/issues/256 •